Observations on articles I read to keep current about technology. My interests are: Privacy, security, business, the computer industry, and geeky stuff that catches my eye.

I don't think I have an agenda beyond my own amusement.

Note that I lump all my comments into a single post. This is not a typical BLOG technique; it's just an indication that I'm lazy.

Saturday, April 20, 2013

Anti-terrorism strategy? Was this
necessary? How much was “to assure the public” and how much was
actually needed? They knew roughly where #2 was, so why shut down all
of Boston? It makes it look like a “free fire” zone – step
outside and we'll shoot first and Mirandize your corpse.

Much of the Boston area has been shut
down to facilitate the manhunt for Dzhokhar Tsarnaev. (Although
Dunkin’ Donuts (DNKN),
a Boston institution, has
remained open at police request to serve emergency response
personnel.)

The unprecedented manhunt in Boston
that concluded successfully Friday night earned law enforcement
authorities the gratitude of the nation.

But as relief replaces fear, the debate
about what this episode means for the future is already beginning.
And one of the most unsettling questions is whether the
violence-related lockdown of a major U.S. city — an extraordinary
moment in American history — sets a life-altering precedent.

There are
already worries that the effort to protect the people of Boston
contained an element of overreaction. Local authorities told the
city and nearby suburbs to “shelter in place” throughout the day
and into the evening. They closed businesses, shuttered government
buildings and suspended all public transportation in the metro area.

That decision concerned some political
leaders and policy experts.

… “If there was some serial
killer on the loose, no one would suggest that we do a lockdown of a
whole city,” said Cohen, now a fellow at the Century Foundation.
“To me, it just plays on our outsized fears of terrorism. … Part
of it is just cover your ass business by public officials.”

… Keeping city residents off the
streets and businesses closed made it easier for Boston to send many
of its police officers across the river to Watertown, where the
Boston cops joined in house-by-house searches and helped keep up a
perimeter so Tsarnaev couldn’t escape.

… Some critics of the Boston
lockdown noted that during a hunt for a suspected cop killer in Los
Angeles in February, some specific targets like schools were closed
and checkpoints were established, but there was no effort to
quarantine the entire metro area.

Following the 9/11 attacks, which were
of a far larger scope, all civilian airplane traffic in the U.S. and
Canada was grounded until Sept. 13, when service slowly resumed.
Reagan National Airport in Washington reopened Oct. 4 under tighter
security.

Financial activity shuttered in lower
Manhattan with the destruction of the World Trade Center towers on
Sept. 11. The New York Stock Exchange closed until Sept. 17, the
longest suspension since the Great Depression. Other major landmarks
also closed that day, including the Space Needle, Walt Disney World,
and the Sears Tower. Major League Baseball postponed all games
through Sept. 16, while the National Football League bumped the next
Sunday schedule, which in turn meant delaying the Super Bowl by a
week. The Emmy Awards — scheduled for Sept. 16 — were also
delayed by nearly two months.

Cohen noted that despite the enormous
tragedy in New York on Sept. 11, life in many parts of the city
continued relatively close to normal. “I remember sitting in SoHo
where people were sitting outside having lunch. People were not
cowering in fear,” he said.

If there is no requirement for
background checks at gun shows (that change to the law was defeated)
why do we think having more information in a system that will not be
used will keep guns from the mentally ill?

In particular, we
are considering creating an express permission in the HIPAA rules for
reporting the relevant information to the NICS by those HIPAA covered
entities responsible for involuntary commitments or the formal
adjudications that would subject individuals to the mental health
prohibitor, or that are otherwise designated by the States to report
to the NICS.

One of the most problematic issues has
been whether certain state agencies are actually HIPAA-covered
entities that might be prohibited under the Privacy Rule from
disclosing information in the absence of a state law requiring
disclosure. HIPAA already has a provision that permits covered
entities to disclose if required to by state law, and some state
agencies may qualify as “hybrid entities,” which would permit
disclosure, but not all states have mandatory disclosure laws and/or
establish certain agencies as hybrid entities. In response, HHS
writes:

To address these
concerns, the Department is considering whether to amend the Privacy
Rule to expressly permit covered entities holding information about
the identities of individuals who are subject to the mental health
prohibitor to disclose limited mental health prohibitor information
to the NICS. Such an amendment might produce clarity regarding the
Privacy Rule and help make it as simple as possible for States to
report the identities of such individuals to the NICS.

In crafting the
elements of an express permission, we would consider limiting the
information to be disclosed to the minimum data necessary for NICS
purposes, such as the names of the individuals who are subject to the
mental health prohibitor, demographic information such as dates of
birth, and codes identifying the reporting entity and the relevant
prohibitor. We would not consider permitting the disclosure of an
individual’s treatment record or any other clinical or diagnostic
information for this purpose. In addition, we would consider
permitting disclosures for NICS purposes only by those covered
entities that order involuntary commitments, perform relevant mental
health adjudications, or are otherwise designated as State
repositories for NICS reporting purposes.

A Florida bill
that would impose restrictions on the use of unmanned aerial
vehicles, or drones, by state law enforcement officials is one
signature away from becoming the first law of its kind in the
country.

On Wednesday,
Florida’s House of Representatives voted unanimously to approve the
Freedom from Unwarranted Surveillance Act, a bill that would
require local police to obtain a warrant based on probable cause
before using a drone for surveillance purposes. Earlier this
month, the Senate voted unanimously to pass the measure.

If you rob a bank and get away in a
driverless Prius, will the owner be indicted as the driver? Or will
Toyota? Or maybe Google?

If your driverless car
decides -- as so many machines do in movies -- that it has a mind of
its own, will
you be responsible when it decides to mount the curb and plow
straight into your favorite donut store? And what if someone hacks
into your driverless car and you suddenly end up in Alaska, with an
instruction to mow down moose?

You'll tell me this will never happen.
I will point you to the fine profits regularly earned by the world's
insurance companies.

… When prosecutors were playing a
video-taped interview with the defendant, Judge Dennis Graves
suddenly halted the trial after noticing a light glow around juror
Benjamin Kohler’s chest. The judge, who had previously instructed
jurors to pay attention and not to use mobile phones, immediately
halted the proceeding and ordered everybody to vacate the courtroom
except Kohler, the Sheriff’s Department said.

The authorities said Kohler “had no
explanation for his actions.”

The judge declared him in contempt, and
ordered the juror jailed for two days at Marion County Jail.

Are they relying on “the wisdom of
crowds” or just realizing that predicting public taste is really
difficult? One possibility: they don't need to limit themselves to
the best show(s) for the timeslots available; they can produce any
that look likely to produce an audience.

Amazon released its first wave of TV
show pilots and is pushing them all out to viewers and letting
them decide which ones get made. This is in stark contrast to
traditional networks, which order a pilot, analyze it to death to
ensure it fits the precise demographic audience advertisers want and
then shoehorn it into the schedule.

… Both Netflix and Amazon are
upping the streaming video service ante with exclusive content.
Netflix launched House of Cards in February and its new
horror drama Hemlock Grove by Eli Roth launched today with
all 13 episodes available for streaming. Both companies are betting
on the exclusive content to draw more customers to their services.

For my Statistics students, but my
lawyer friends might find the “loss of any chance for a profitable
future after being branded as 'average'” Class Action lawsuit
amusing.

"The New York Times reports
that statistical scoring by the standardized testing company Pearson
incorrectly
disqualified over 4700 students from a chance to enter gifted /
advanced programs in New York City schools. Only students who score
in the 90th percentile or above are eligible for these programs.
Those in the 97th or above are eligible for 5 of the best programs.
'According to Pearson, three mistakes were made. Students' ages,
which are used to calculate their percentile ranking against students
of similar age, were recorded in years and months, but should also
have counted days to be precise. Incorrect scoring tables
were used. And the formula used to combine the two test
parts into one percentile ranking contained an error.' No mention of
enlisting the help of the gifted children was made in the Times
article, but it also contained a now-corrected error. This
submission likely also contains an erro"

Useful, because I can never remember
when classes end or when grades are due, etc.

Free Printable Calendars is a free to
use online service that does exactly what its name suggests – free
printable calendars. When you visit the website you can get started
with the calendar creation without having to register for any new
accounts. You start by selecting the type of calendar you want.
Supported types include a simple calendar marker, a photo calendar,
an online calendar, a monthly calendar, a yearly calendar, and a
desktop calendar.

Boston
on Lockdown as Residents Are Ordered to 'Shelter In Place' While Cops
Sweep Watertown

In an unprecedented move, the city of
Boston, in its entirety, is being asked to shelter-in-place,
with schools and mass transit closed. Nearby Watertown, where police
and federal authorities are searching for the Boston Marathon bomber
who is still at large, is in lockdown as Friday's
manhunt continues.

At this moment, heavily armed members
of the military, assisted by local law enforcement, are going
door-to-door in Watertown, searching every house, garage, and shed
for bombing suspect Dzhokhar
Tsarnaev. CNN indicates that 9,000
members of law enforcement are involved in the effort.

In light of that, town authorities have
apparently asked businesses to remain closed. According to
the Boston Globe, all vehicle traffic is banned in
that city.

… For many, there's nowhere to go,
anyway. Taxi
service has been suspended. The regional mass transit has
been closed; in part, apparently, because authorities don't want
crowds of people gathering together.

(Related) Rush to sensationalize. (No
need for judgement) We'd rather have “news” than facts.
Anything to “scoop” the other guys...

Boston
Marathon spectator Salah Barhoum, who was interviewed by authorities
following the bombings, swears he 'didn't do it'

… Teenager Salah Barhoum’s face
was plastered on the front page of the New York Post Thursday,
labeling him and a friend “Bag Men” being sought by authorities
investigating the Boston Marathon bombings.

But the FBI later
released surveillance of the actual suspects — neither of whom
resembled the bag-toting Barhoum and his friend on the tabloid’s
cover.

…
At 1:30 a.m. Thursday he turned himself in to cops, who spoke to
him for about 20 minutes and let him go.

Their
only advice: “They said I should delete my Facebook,” Barhoum
said.

Nevertheless, The Post splashed their faces on its pages and
suggested they were suspects.

Brian
Krebs reports on a lawsuit where Park Sterling Bank (PSB) in
Charlotte, North Carolina is suing a former client, Wallace
& Pittman PLLC,
after the latter was the victim of a fraudulent wire transfer. The
breach occurred after a key logger was installed on its system via a
phishing attempt and criminals obtained the firm’s login and
authorization credentials.

The bank claims it did not reverse the
loss, but only temporarily credited the account. The law firm did
not repay the bank for the credited amount, and had at one point sued
them for not having commercially reasonable security in place. That
complaint was later dismissed, and the bank turned around and sued
the law firm.

What are they thinking? “People
hated this last year, but maybe they forgot?” Actions that put
government before individuals are a very liberal (Democrat) thing to
do; how did this get through a Republican controlled House?

Today, Internet
freedom advocates everywhere turned their eyes to the U.S. House of
Representatives as that legislative body considered the Cyber
Intelligence Sharing and Protection Act.

For the second
year in a row, the House voted to approve CISPA, a bill that would
allow companies to bypass all existing privacy law to spy on
communications and pass sensitive user data to the government.
EFF condemns the vote in the House and vows to continue the fight in
the Senate.

The new US
consumer finance watchdog is gearing up to monitor how millions of
Americans use credit cards, take out mortgages, and overdraw their
checking accounts. Their bankers aren’t happy about it.

The Consumer
Financial Protection Bureau is demanding records from the banks and
is buying anonymous information about at least 10 million consumers
from companies including Experian.

While the goal is
to sharpen enforcement and rule-making, banking
executives question why the bureau is collecting so much without
being more specific about the benefits. [Simple: we can, therefore
we must! Bob]

"The federal government’s
role in protecting U.S. citizens and critical infrastructure from
cyber attacks has been the subject of recent congressional interest.
Critical infrastructure commonly refers to those entities that are
so vital that their incapacitation or destruction would have a
debilitating impact on national security, economic security, or the
public health and safety. This report discusses selected legal
issues that frequently arise in the context of recent legislation to
address vulnerabilities of critical infrastructure to cyber threats,
efforts to protect government networks from cyber threats, and
proposals to facilitate and encourage sharing of cyber threat
information among private sector and government entities. This
report also discusses the degree to which federal law may preempt
state law. It has been argued that, in order to ensure the
continuity of critical infrastructure and the larger economy, a
regulatory framework for selected critical infrastructure should be
created to require a minimum level of security from cyber threats.
On the other hand, others have argued that such regulatory schemes
would not improve cybersecurity while increasing the costs to
businesses, expose businesses to additional liability if they fail
to meet the imposed cybersecurity standards, and increase the risk
that proprietary or confidential business information may be
inappropriately disclosed."

"Questions about the scope
and efficacy of the background checks required during certain
firearm purchases have gained prominence following recent mass
shootings. These background checks are intended to identify whether
potential purchasers are prohibited from purchasing or possessing
firearms due to one or more “prohibiting factors,” such as a
prior felony conviction or a prior involuntary commitment for mental
health reasons. Operationally, such background checks primarily use
information contained within the National Instant Criminal
Background Check System (NICS) and a particular focus of the debate
in Congress has been whether federal privacy standards
promulgated under the Health Insurance Portability and
Accountability Act (i.e., the HIPAA privacy rule) or state privacy
laws are an obstacle to the submission of mental health records to
NICS."

Thursday, April 18, 2013

"Distributed denial of service
attacks have increased
their bandwidth by 700 percent in the last quarter, according to
DDoS specialist Prolexic. The average bandwidth has gone up from
5.9Gbps to 48.25Gbps — and the number of packets-per-second is also
up. However, claims of a 300Gbps attack on Spamhaus are almost
certainly false."

The staff of the Federal Trade
Commission is interested in the consumer privacy and security issues
posed by the growing connectivity of consumer devices, such as cars,
appliances, and medical devices, and invites comments on these issues
in advance of a public workshop to be held on November 21, 2013 in
Washington, D.C.

The ability of everyday devices to
communicate with each other and with people is becoming more
prevalent and often is referred to as “The Internet of Things.”
Consumers already are able to use their mobile phones to open their
car doors, turn off their home lights, adjust their thermostats, and
have their vital signs, such as blood pressure, EKG, and blood sugar
levels, remotely monitored by their physicians. In the not too
distant future, consumers approaching a grocery store might receive
messages from their refrigerator reminding them that they are running
out of milk.

Connected devices can communicate with
consumers, transmit data back to companies, and compile
data for third parties such as researchers, health care providers, or
even other consumers, who can measure how their product
usage compares with that of their neighbors. The devices can provide
important benefits to consumers: they can handle tasks on a
consumer’s behalf, improve efficiency, and enable consumers to
control elements of their home or work environment from a distance.
At the same time, the data collection and sharing that smart devices
and greater connectivity enable pose privacy and security risks.

FTC staff seeks input on the privacy
and security implications of these developments. For example:

What are the significant
developments in services and products that make use of this
connectivity (including prevalence and predictions)?

What are the various technologies
that enable this connectivity (e.g., RFID, barcodes, wired and
wireless connections)?

What types of companies make up
the smart ecosystem?

What are the current and future
uses of smart technology?

How can consumers benefit from the
technology?

What are the unique privacy and
security concerns associated with smart technology and its data?
For example, how can companies implement security
patching [Suggests security was not considered at the design phase.
Very “old school.” Bob] for smart devices? What
steps can be taken to prevent smart devices from becoming targets of
or vectors for malware or adware?

How should privacy
risks be weighed against potential societal benefits,
such as the ability to generate better data to improve health-care
decisionmaking or to promote energy efficiency? Can and should
de-identified data from smart devices be used for these purposes,
and if so, under what circumstances?

FTC staff will accept submissions
through June 1, 2013, electronically through iot@ftc.gov
or in written form. Paper submissions should be mailed or delivered
to: 600 Pennsylvania Avenue N.W., Room H-113 (Annex B), Washington,
DC 20580. The FTC requests that any paper submissions be sent by
courier or overnight service, if possible, because postal mail in the
Washington area and at the Commission is subject to delay due to
heightened security precautions.

SOURCE: FTC

(Related) The technology required to
gather data like how much milk is in your refrigerator is so cheap,
there is no real obstacle to using it to gather data about anyone,
anywhere, at any time. We can, therefore we must?

… at Citizen
— a Portland, Oregon company that designs mobile technology —
things are a little different. Employees at the company are now
uploading data on how much they exercise, what they eat, and how much
they sleep to a central server, as part of an effort to determine
whether healthy employees are actually happier and more productive.
The ultimate aim is to explicitly show employees how they can improve
their work through better personal habits.

If I understand this “strongly worded
letter,” they are saying, “It's perfectly legal, but we'd kind of
like you to promise not to do it.” Rather than, “That's illegal.
Stop it!”

… Florida statutes say that we must
notify the public of any sex offenders in our jurisdiction. We
already do that with Facebook and by going out into the area to
notify people when the person first moves in, but we realized there
was a possible issue with continued notification. For instance, if
somebody moves in after we've gone around notifying people, then
they're not aware that there's a predator there. We're just trying
to do everything we can to make the public aware. And, in a certain
sense, it protects the predator from having people, especially
children, approaching their residence without being duly notified.

So I could add President Bush to the
“Broccoli Lovers” Facebook Group, without his knowledge or
permission, and it's his responsibility to control all those “I
love broccoli” comments?

"The CBC reports that
publicly-elected Gerry Rogers, member of the Provincial Government
for Newfoundland and Labrador, 'has been
removed from the house of assembly for refusing
to apologize for comments made by other users on a Facebook group
to which she had been added as a member.'
Rogers was unwillingly added to a Facebook Group which included
comments of death threats aimed at Premier Kathy Dunderdale from
other users. From the article: 'Dunderdale said her government
understands how Facebook groups work, and she said it is up
to every MHA to monitor the comments posted on Facebook groups to
which they belong.' Facebook's
policies for Groups are somewhat clear, even if they don't
actually answer the question of 'Can I prevent people from adding me
to a new group?'"

One of those cute things iPhone owners
love to show off is, “Siri, Where is a good place to bury a body?”

Not everyone realizes this, but
whenever you use Siri, Apple’s voice-controlled digital assistant,
she remembers what you tell her.

How long does she remember? Apple
isn’t saying. And the American Civil Liberties Union is concerned.

… What happens with everything that
Siri learns is a big enough concern that last year IBM CIO Jeanette
Horan told MIT’s Technology Review that she’d banned
Siri outright on IBM’s networks, worrying that what people said
to Siri might be stored somewhere.

It wouldn't be “fair” if we didn't
treat everyone like an illegal alien... (Guilty, until e-Verified
innocent!)

Today’s release
of an immigration reform proposal from the Gang of Eight raises a
host of civil liberties issues, many of which the ACLU will
undoubtedly be commenting on in the coming days and weeks.

Today, I’m
focusing on our concerns with one particular program, E-Verify.
Currently, E-Verify is a largely voluntary system where employers
can check with the Department of Homeland Security to see if someone
is allowed to work. Basically it’s a giant list of everyone –
immigrants and citizens – legally in the United States.

is a very
noticeable overreach for an employment system used by small
businesses. Without much stretch, it really inducts working America
into a level of data and intelligence sharing which would match
Philip K. Dick’s Minority
Report.

It is one of the least trustworthy
developments on Immigration reform.

Let me be certain I understand: Stuff
that is sold as “explosive” is not regulated, but fertilizer is
restricted. We don't teach logic in our schools any more, do we?

FBI
Warned in March That ‘Exploding Targets’ Could Fuel Homemade
Bombs

… Exploding targets like Tannerite,
which consists of a mixture of ammonium nitrate and aluminum powder,
are legal; available at sporting-goods stores and websites; and
retail for fairly cheap.

… The FBI recently expressed
concern that tighter restrictions on common bomb precursor materials
like ammonium nitrate fertilizer could lead wannabe domestic
extremists to pack their homemade bombs with the stuff.

For my Intro to IT class. I wonder if
you could make a living dealing with “Data after Death?”

Google has introduced the “Inactive
Account Manager,” which is a polite way of saying “Decide
what you want us to do with your data after you’re dead, because we
will outlive you and your children and your children’s children.”

… Now we all know that Google is
rarely the first to do things. It generally takes existing services
— search, e-mail, ignoring your privacy settings — and attempts
to improve on them. This is no exception. Here are some other
services that actually exist to help you deal with your data after
you’ve kicked the bit bucket.

… There are three basic stages for
a search engine: crawling – where content is discovered;
indexing, where it is analysed and stored in huge databases;
and retrieval, where a user query fetches a list of relevant
pages.

Central Hudson Gas & Electric
Corporation has issued a press release updating its customers on the
breach disclosed in
February that affected 110,000 customers:

(POUGHKEEPSIE, NY)
Though New York State and federal law enforcement officials continue
to investigate the incident externally, forensic computer experts
have completed their internal investigation into the February
cyber-security incident that had the potential to
involve banking information for approximately one third of Central
Hudson Gas & Electric Corporation customers.

“Despite
an exhaustive review, these cyber-security forensic experts could not
confirm if any private banking information for any of our customers
was transferred,” said James P. Laurito, Central
Hudson’s president. “They also report that it is likely that it
may never be possible to document if information was transferred.

[ … ]

The investigation
conducted by an expert forensic computer firm on Central Hudson’s
internal systems confirmed that the incident was the result of
malware that infiltrated Central Hudson’s information systems
during or prior to September 2012 but likely lay
dormant until earlier this year, Laurito said. “The
malware, which Central Hudson personnel discovered and disabled on
February 19, 2013, was designed to seek out and export information.
While the potential exists that information contained on the front of
bank checks was exported, it cannot be confirmed what, if any,
information was ever actually transferred,” Laurito said.

How is it that the court will accept
“expert testimony” but there is nothing in the literature that
allows the court to make an independent evaluation? (Or am I missing
something?)

The litigation
arises out of a criminal attack on the payment card systems at the
Hannaford Bros. grocery chain in late 2007 and 2008, which
potentially affected over 4 million card numbers. The
district court initially dismissed the action after the plaintiffs
stipulated that none of the plaintiffs had incurred fraudulent
charges that had not been reimbursed. The court certified
a question to the Maine Supreme Judicial Court, which agreed that in
the absence of physical harm, economic loss or identity theft, the
time and effort spent to avoid or remediate reasonably foreseeable
harm did not constitute cognizable injuries for which damages may be
recovered under Maine law.[1]

On appeal, the
U.S. Court of Appeals for the First Circuit reversed with regard to
two of the claims, finding that the plaintiffs had alleged sufficient
injury for their negligence and implied breach of contract claims
because “fees for replacing cards and the cost of
identity theft protection products were foreseeable costs to mitigate
any harm arising from the data breach.”

Finding themselves
back before the district court, plaintiffs moved to certify a class
consisting of those “Hannaford customers who incurred out-of-pocket
costs in mitigation efforts that they undertook in response to
learning of the data intrusion.” The court addressed each of the
factors provided in Federal Rule of Civil Procedure 23 and ultimately
denied certification based only on a finding that
plaintiffs’ failure to provide expert testimony supporting its
theory of classwide damages meant that common issues would
not predominate with regard to damages. The plaintiffs moved for
reconsideration on April 4, 2013, further clarifying their theory of
damages and asking for 60 days to obtain and tender to the court
appropriate expert evidence.[2]
Because data breach class actions rarely get to this point, a
summary of the court’s review of each element follows.

Experian
reveals a quarter of time online is spent on social networking

London, 16 April 2013 – "Insights from Experian, the global
information services company, reveals that if the time spent on the
Internet was distilled into an hour then a quarter of it would be
spent on social networking and forums across UK, US and Australia.
In the UK 13 minutes out of every hour online is spent on social
networking and forums, nine minutes on entertainment sites and six
minutes shopping."

"This report on Big
Data is the first MeriTalk Beacon, a new series of reports
designed to shed light and provide direction on far reaching issues
in government and technology. Since Beacons are designed to tackle
broad concepts, each Beacon report relies on insight from a small
number of big thinkers in the topic area. Less data. More insight.
Real knowledge... Mankind created 150 exabytes (billion gigabytes)
of data in 2005, and 1,800 exabytes in 2012; growth that only
continues to accelerate. Every minute, users: Upload 48
hours of video to YouTube; Send 204 million emails; Spend
$207,000 via the web; Create 571 new websites. Within the
Federal government; U.S. drone aircraft sent back 24 years worth of
video footage in just 2009. Every 24 hours, NASA’s Curiosity rover
can send nearly three gigabytes of data, collecting in mere days the
equivalent of all human knowledge through the death of Augustus
Caesar – from Mars."

I'm sure I must have missed them, but
this is the first “Management” publication I recall having ever
seen. That may explain a lot.

The designation of senior-level
officials to key performance management roles with responsibilities
under the Government Performance and Results Act Modernization Act of
2010 (GPRAMA) has helped elevate accountability for performance
management within federal agencies and ensure high-level
involvement, according to officials GAO interviewed. [What
are they going to say? “We suck at our jobs!” Bob]

News
release: "The process for obtaining FBI files about family
members who may have been the subject of a federal investigation has
just become much simpler with the help of a step-by-step consumer
website: GetGrandpasFBIfile.com
established by Virginia-based Meme Transmission Enterprises... The
Federal Bureau of Investigation maintains billions of pages of
records and millions of files – all compiled using taxpayer
dollars. But the clock is ticking. Recently, the FBI has begun
destroying the bulk of its historic files to save space. Only a very
tiny fraction of its voluminous files will be preserved at the
National Archives. So time is of the essence in asking for files
before they are gone forever. Get Grandpas FBI File makes it easy to
get these files by guiding the public through the process of
completing a request letter. The website does not ask for any
payment, and most requests for FBI files are processed by the FBI
without any fees whatsoever."

Wikispaces
has been a great supporter of classrooms for years now. They
allow any teacher to use their services to create wikis for free and
without advertising. Today, Wikispaces introduced a brand
new look for classroom

Wikispaces
Classroom is a new, free offering from Wikispaces. From the
first look you'll notice that Wikispaces Classroom is quite different
from the old Wikispaces format. Wikispaces Classroom simplifies the
layout of pages to put only the tools students need in order to edit
a page on display and hides the tools students don't need. On the
management side of things Wikispaces Classroom is arranged to make it
easy for teachers to quickly manage projects, alter settings, and see
reports on students' use of the wiki.

Wikispaces is offering some free
webinars about the new Wikispaces Classroom. You can get more
information about those webinars
here.

Applications
for Education

Last year I wrote 5
Ways You Can Use Wikis With Students. Included in that list is
creating digital reference pages as alternatives to textbooks. That
was one of my primary uses of wikis when I taught a ninth grade
geography class that didn't have a current textbook. I often started
a set of pages and had students finish the pages. The new Wikispaces
Classroom has a tool that I wish I had then to quickly see not only
when students accessed pages, but also what they did on the pages.

Tuesday, April 16, 2013

Clearly we need to react when mental
health professionals flag an individual as dangerous. I see no
indication that that happened here. And don't get me started on the
argument that the only way the police knew what guns he had was
because he had followed the law and registered them.

There was a story from upstate New York
that didn’t get my attention when I first read about it. A man was
ordered
to turn in his guns under New York’s new SAFE Act, allegedly
because he had taken anti-anxiety medication and his mental health
history made him a danger to himself or others. His guns were
returned to him after it was discovered that a mistake had been made
and he was not the individual with the mental health
history. The case is raising questions as to who is
responsible for investigating before a referral is made to the courts
to revoke someone’s permit or have them turn over their guns.

But there’s even more to the story,
it seems, and some legislators and the man’s lawyer are raising
questions about whether medical records are being scoured without
warrants. Capital Tonight reports that the man’s attorney, Jim
Tresmond, is filing a lawsuit:

Tresmond claims
while investigating the “mistake” he discovered that State police
had examined his client’s medical records without a valid search
warrant. Tresmond said that’s a clear violation of federal and
state privacy laws in addition to the New York State Criminal
Procedure Law.

“This is not a
simple case of mistaken identity. Mr. Lewis’ medical privacy was
invaded and he was publicly defamed and humiliated by New York State
officials,” Tresmond said.

Tresmond went a
step further, accusing the State of creating a “clandestine HIPAA
unit” within the Division for Criminal Justice Services, charged
with examining New York residents’ medical records without warrant.

“I believe there
are seven officers assigned to this unit, who are assigned to review
those HIPAA files. And try to nab those people who are on certain
medications, certain treatments, and then pull their licenses across
the state,” said Tresmond.

A State Police
spokesperson told YNN the accusations are “flat wrong.”

In related coverage, Dan Roberts
discusses the alleged HIPAA unit on AmmoLand,
where he repeats a report that the unit was created at the request of
Homeland Security. At this point, there’s been no proof or named
sources, however, so I’m not sure what we can make of all this.

Gov. Chris
Christie has signed a measure intended to prevent New Jersey school
districts from violating students’ privacy rights by tracking them
through school-issued laptops.

Districts that
provide students with laptops, cell phones or other electronic
devices will now have to provide written notification that the device
may track them. The notification also must include a statement that
the school won’t violate the student’s privacy rights.

Following a public comment period, the
Federal Trade Commission has approved nine final orders settling
charges that seven rent-to-own companies and a software design firm
and its two principals spied on consumers using computers that
consumers rented from them. The companies used software to take
screenshots of confidential and personal information, log customers’
computer keystrokes, and in some cases take webcam pictures of people
in their own homes, all without the customers’ knowledge.

In settling the FTC’s
administrative complaint, the respondents will be prohibited from
using monitoring software and banned from using deceptive methods to
gather information from consumers. The settlements will prohibit the
use of geophysical location tracking without consumer consent and
notice, and bar the use of fake software registration screens to
collect personal information from consumers. The seven rent-to-own
stores will also be prohibited from using information improperly
gathered from consumers to collect on accounts. In addition, the
software company, DesignerWare, and its principals, Ronald P. Koller
and Timothy Kelly, will be barred from providing others with the
means to commit illegal acts. All of the proposed settlements
contain record-keeping requirements to enable the FTC to monitor
compliance with the orders for 20 years.

The respondents, with links to the
respective orders and associated public comments, are:

The Commission vote approving the final
orders and letters to members of the public who commented on it was
3-0-1, with Commissioner Wright not participating. (FTC File No.
112-3151; the staff contacts are Julie Mayer, 206-220-4475, and Tracy
Thorleifson, 206-220-4181.)

Of course, as regular readers of this
blog know, there are ongoing lawsuits against Aaron’s that include
allegations that some of the problematic behavior may have continued
after the consent orders were first posted for public comment.

I don’t know if you generally read
the comments submitted by the public on proposed settlements, but
this one generated a lot of public comment – much of it seemingly
by employees and rental store owners who are not happy with the FTC
and think that the case was misrepresented.

It’s unfortunate that the court does
not explain why it declines to review a case. In the meantime,
Congress has failed to update ECPA to clarify and strengthen
protections that we need in a digital world.

Defendant had no
reasonable expectation of privacy in his computer from police
accessing it via Limewire when he was hooked up to the Internet. He
did not create an expectation of privacy from his efforts to hide
files on his computer. Warshak has no application to this situation.
United
States v. Conner, 2013 U.S. App. LEXIS 7437, 2013 FED App. 0365N
(6th Cir. April 11, 2013)

Warshak does not control this case
because peer-to-peer file sharing is different in kind from e-mail,
letters, and telephone calls. Unlike these forms of communication,
in which third parties have incidental access to the content of
messages, computer programs like LimeWire are expressly designed
to make files on a computer available for download by the public,
including law enforcement.

“We've invited Mr. Fox here to give
us a lecture on henhouse protection.” What could possibly go wrong?

Facebook and
privacy sometimes seems like an oxymoron — words or ideas that
contradict one another. Users complain about Facebook’s privacy
settings being too difficult to understand
and properly implement.

"The last few months a digital
inheritance idea has been floating around in my head, and I am sure
the thought has crossed your mind as well. With Google talking about
the inactive
account program it made me wonder, how do I make sure my children
get my iTunes, and amazon movies? I have plenty of mp4 movies on my
server that will just set itself to admin with no password after I do
not log in within a 6 month time frame. But what about the huge
amount spent on digital content every year? What's the best way to
make sure your "digital inheritance" gets passed down?"

Inside the minds... (Such as they are)
“We plan on moving to this new and clearly superior technology,
but first we have to be sure we can screw it up with the technology
our customers hate.” Not yet to the point where the tail can wag
the dog.

… In a blog
post on Monday, reps for Netflix – which by some estimates now
accounts for around a third of all internet traffic in North America
– said the company definitely plans to get off the Silverlight boat
before it sinks
for good in 2021, and that HTML5 video is probably the solution
... but it's not quite there yet.

The problem? As Netflix cloud
architect Adrian Cockcroft candidly explained at the seventh annual
Linux Collaboration Summit in San Francisco on Monday, "We're
trying to get to the point where we don't need a plugin. But we have
to have DRM."

… When asked by a Linux
Collaboration Summit attendee what Netflix was doing to help push
back against Hollywood's insistence on DRM, the way Amazon and Apple
have done for music downloads, Cockcroft was brutally frank.

"Right now what we're basically
doing is giving billions of dollars to Hollywood to buy the content,
so that they can afford to build more content," he said.
"That's basically the business we're in. We're
a major source of funds for Hollywood and we're mostly
concerned about getting content made and getting it out to our
customers."

"This document examines the
future of machine-to-machine communication (M2M), with a particular
focus on mobile wireless networks. M2M devices are defined, in this
paper, as those that are actively communicating using wired
and wireless networks, are not computers in the traditional sense
and are using the Internet in some form or another. While, at the
global level, there are currently around five billion devices
connected to mobile networks, this may by some estimates increase to
50 billion by the end of the decade. The report provides
examples of some of the uses to which M2M is being put today and its
potential to enhance economic and social development. It concludes
that to achieve these benefits, however, changes to
telecommunication policy and regulatory frameworks may be required.
Some of the main areas that will need to be evaluated, and
implications of M2M assessed, include: opening access to mobile
wholesale markets for firms not providing public telecommunication
services; numbering policy; frequency policy; privacy and security;
and access to public sector information."

Here at MakeUseOf we get a lot of
questions
on MakeUseOf Answers asking for sources of free
eBooks. The benefit of owning a physical, printed book lies in
the ability to pick it up, examine it and borrow or loan it to
friends and family. It’s no secret that the traditional lending of
literature can be achieved using Amazon’s Kindle format, but this
is only possible
between other Kindle users.

And so that’s where Ownshelf comes
in. The service which is currently in beta uses Facebook as a
platform for connecting you with people you already know. In
reality, it’s like a Dropbox for eBooks and best of all it doesn’t
matter which eReader you own or which eBookshop you frequent,
provided the format is ePub you can share between platforms.

Once you’ve logged in and approved
the app to use your Facebook account you can upload files in ePub
format which will then appear on your bookshelf ready to be shared
with your friends. You can also browse the shelves of others in your
friends list or borrow books with the click of a button, though you
might want to tell your eReading buddies to sign up for the Ownshelf
service as it feels a little empty on your own.

Finding the best education technology
tools is a time-consuming task. It may even be viewed as a chore
(for some). Typically, one tracks down a handful of useful apps or
web tools and puts them through their paces at home. Then you
probably don’t use any of them because each tool took far too long
to understand, use, become accustomed to, and actually implement in a
classroom.

That’s why I was so excited to find
this Symbaloo created by user
lcobbs detailing 50 great classroom tools that are all easy to
implement into just about any classroom. From Animoto
to Prezi to Dropbox
to Stixy (wait
what?), there’s a lot to check out. Don’t know all 50 tools? I
didn’t! Click on each icon to get an idea about each tool and
learn more.

Monday, April 15, 2013

Last month, Schnucks Markets,
a multi-state chain of grocery markets, disclosed that customers at
some of its stores had become victims of card fraud. I duly entered
the reports in DataLossDB.org, but didn’t post anything on this
blog.

This past week, I emailed Schnucks to
ask for some more details. They declined to answer any specifics,
but just today issued a statement that does address some of the
questions I had posed to them:

Leaders of St.
Louis-based Schnuck Markets, Inc., today announced that between
December 2012 and March 29, 2013, approximately 2.4 million credit
and debit cards used at 79 of its 100 stores may have been
compromised. The company emphasizes that only the card number and
expiration date would have been accessed – not the
cardholder’s name, address or any other identifying information.

Schnucks has
posted a list
of the 79 stores and specific dates for each store at
www.schnucks.com. In
addition, Schnucks has distributed a timeline
of the actions taken to investigate, find, contain, and share
information about the cyber-attack, as well as a personal video
message from Chairman and CEO Scott Schnuck.

“On behalf of
myself, the Schnuck family, and all of our 15,000 teammates, I
apologize to everyone affected by this incident,” said Scott
Schnuck.

… Schnucks has
worked with its payment processor to make sure all potentially
affected card numbers are sent to the credit card companies so that
they may continue sending alerts to the issuing banks. Those
banks will then be able to take steps to protect their cardholders,
such as adding enhanced transaction monitoring or reissuing a new
card. Many banks have already taken these steps.

“Customers have
asked me if it is safe to shop at Schnucks,” continued Schnuck.
“Yes, we believe it is, and we will work hard to keep it that way.”

… Schnucks
provided the Secret Service and FBI with information about the
methods and tools used by the attacker and has worked and will
continue to partner with law enforcement to apprehend those
responsible.

This is an example of good
transparency by a breached entity. They disclosed the breach as
soon as they became aware of it (even if it took from December to
March to become aware of it and even though they had to be told by
their card processor to look for a breach), and they updated their
reports by revealing more of what they found as they found it,
including the numbers affected.

The Fourth
District Court of Appeal for the State of California expanded the
tort of “public disclosure of private facts” under that state’s
common law right to privacy in a case involving a claim by an
employee against her supervisor and employer. Ignat
v. Yum! Brands, Inc. et al, No. G046434, (Cal. Ct. App.
March 18, 2013). The plaintiff in that case suffered from bi-polar
disorder and occasionally missed work due to the side effects of
medication adjustments. After returning from such an absence, the
plaintiff alleged that her supervisor had informed everyone in her
department about her medical condition and that, as a result, she was
“shunned” and a co-worker asked if she was going to “go
postal.” The plaintiff filed suit alleging a single cause of
action for invasion of privacy by public disclosure of private facts.

Read more on Lexology.
This is a good case for all employers to consider, as the issue of
how much co-workers can be told if an employee is out on medical
leave or for other personal reasons comes up fairly frequently. To
avoid possible legal problems, it would make sense (to me, anyway)
for an employer to ask the employee, “Your colleagues are concerned
about you – how much do you want me to tell them about what’s
going on?”

"SHEPHERD-MIL, a UAV
which looks like a native bird with the same flight performance,
will be featured at HOMSEC 2013. This UAV is characterized by the
glide-ratio and noiseless motor that make it invisible, silent and
unobtrusive in sensitive missions. SHEPHERD-MIL is equipped with
cameras and geolocation software. The system is especially suitable
for border surveillance missions, firefighting, and anti-drug
trafficking operations amongst others."

"Twenty-five
miles due south of Salt Lake City, a massive construction project is
nearing completion. The heavily secured site belongs to the National
Security Agency. The NSA says the
Utah Data Center is a facility for the intelligence community
that will have a major focus on cyber security. Some published
reports suggest it could
hold 5 zettabytes of data. Asked if the Utah Data Center would
hold the data of American citizens, Alexander [director of the NSA]
said, 'No...we don't hold data on U.S. citizens,' adding that the NSA
staff 'take protecting your civil liberties and privacy as the most
important thing that they do, and securing this nation.' But
critics, including former NSA employees, say the data center is front
and center in the debate over liberty, security and privacy."

According to University of Utah
computing professor Matthew Might, one thing is clear about the Utah
Data Center, it
means good paying jobs. "The federal government is giving
money to the U.'s programming department to develop jobs to fill the
NSA building," he says.

Inevitable, I suppose. And lots of
people who don't know better will welcome this model.

Facebook Home was released last week
for six new high-end smartphones. But Facebook isn’t going to make
its mobile platform ubiquitous by targeting pricier devices; it needs
to blanket the low end of the market too. Which is why you should
expect the social network to start outright subsidizing smartphone
and even tablet purchases.

Facebook unveiled
its Facebook Home “apperating
system” earlier this month, pitching it as a way to move the
focus of mobile phone and tablets from software to people. The device
should be a boon to users who spend a lot of time chatting and
swapping photos on Facebook, but businesses will soon benefit, too:
Facebook plans to show advertisements right on the lock screen of the
device, interspersed with photos and status updates.

… Here’s how it might work:
Facebook could offer to pay mobile subscribers’ out-of-pocket costs
for a device like, say, the $200 Samsung Galaxy Note II. In
exchange, Facebook Home would be allowed to show advertisements a bit
more often on the device and to report back a bit more tracking data
than it normally does (Facebook says Facebook Home tracks only the
same data as Facebook’s mobile app, plus some anonymized app
launching stats on rare occasion).

Facebook wouldn’t be the first
company to offer ad-supported discounts on digital devices. Amazon
does this already, knocking
roughly 30 percent off the price of a Kindle e-reader for those
willing to accept ads on the lock screen and holding down the price
of its Kindle Fire tablet by showing ads on all
of them. If you think about it, the entire ecosystem of devices
running the Android operating system is advertising subsidized, since
Google only gives away the mobile OS as a way of getting its ads into
more smartphones and tablets.

Books have long been the last holdout
as music, movies, games and even TV shows and magazines have embraced
the subscription model. Pay a single monthly fee and you can gorge
on all the content you can cram into your eyes and ears. But on
Tuesday, Tim Waterstone, the founder of the UK bookstore Waterstones,
announced Read Petite, a subscription streaming service for short
fiction. It’s a baby step toward a new model that could shake up
an industry that has seen traditional books losing ground to e-books,
which comprised 22.5
percent of the book market in 2012.

… Waterstone’s Read Petite would
give readers unlimited access to available books for a few bucks a
month. The service will launch this fall, and it will be interesting
to see how it is received by readers and, more importantly,
publishers.

One publisher that’s already on board
is F+W Media.
It offers subscriptions for its library of design, writing reference
and romance genres — genres that lend themselves to the all-you-can
eat subscription model, said Chad Phelps, chief digital officer.

… While specific genres lend
themselves to a subscription service, there is a market for the
two- or three-book-a-week reader. It’s just a question
of who will act first and how.

"The Internet Archive has a
great collection of books, music, visual items and websites but, it
had one thing lacking up until now – software. This has changed
recently as The Internet Archive now claims to hold
the largest collection of software in the world. The expansion
at the Internet Archive has come through collaboration with other
independent archives like the Disk
Drives collection, the FTP
site boneyard, Shareware
CD Archive, and the TOSEC
archive. The archive doesn't hold just the
software – it also holds documentation as well."

About Me

I live in Centennial Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.